Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/exbuzKQseC2GcTHEzsLXORS3IGs.roa
File:                     exbuzKQseC2GcTHEzsLXORS3IGs.roa (raw, json)
Hash identifier:          yFIJrmpGoU8KZdtxu+9KATONDsZ2T/EKnDOHj3oKPJw=
Subject key identifier:   7B:16:EE:CC:A4:2C:78:2D:86:71:31:C4:CE:C2:D7:39:14:B7:20:6B
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       0195F75BE5F10EF980707CCD07877C7692E7
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/exbuzKQseC2GcTHEzsLXORS3IGs.roa
Signing time:             Wed 02 Apr 2025 16:35:49 +0000
ROA not before:           Wed 02 Apr 2025 16:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60695
IP address blocks:        155.133.33.0/24 maxlen: 24
                          155.133.60.0/23 maxlen: 23
                          185.225.100.0/22 maxlen: 22
                          185.228.108.0/22 maxlen: 22
                          2a06:1e00::/29 maxlen: 48
                          2a06:1e00::/48 maxlen: 48
                          2a06:1e00:5::/48 maxlen: 48
                          2a06:1e00:14::/48 maxlen: 48
                          2a06:1e00:18::/48 maxlen: 48
                          2a06:1e00:1e::/48 maxlen: 48
                          2a06:1e00:30::/48 maxlen: 48
                          2a06:1e00:40::/48 maxlen: 48
                          2a06:1e00:50::/48 maxlen: 48
                          2a06:1e00:60::/48 maxlen: 48
                          2a0d:a00::/29 maxlen: 29
                          2a0d:b400::/29 maxlen: 48
                          2a0e:4d00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Mon 07 Apr 2025 12:58:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f7:5b:e5:f1:0e:f9:80:70:7c:cd:07:87:7c:76:92:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Apr  2 16:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b16eecca42c782d867131c4cec2d73914b7206b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:c9:87:b2:51:e7:d9:c0:48:88:c1:80:7d:
                    ae:25:63:14:07:1d:81:3e:e3:c6:ac:99:31:c0:e5:
                    04:5c:da:2b:70:7a:02:f7:dc:0f:b4:6c:d4:d4:a7:
                    55:18:a6:ce:b2:0c:9c:c9:b9:4b:ac:f8:a7:9e:1a:
                    28:d6:29:6e:49:4b:6a:6d:f0:fe:66:71:a6:bc:32:
                    63:77:aa:6a:2a:9a:df:9e:03:56:01:6e:9f:15:b2:
                    f9:4f:a5:5e:fe:0d:b8:a8:b6:f8:5e:91:f6:2f:37:
                    5b:60:3a:bf:22:22:8c:04:a4:b3:1a:ed:b4:d3:70:
                    b5:eb:2c:85:f9:85:6e:76:33:46:55:a5:92:6a:63:
                    4a:70:35:6a:a8:e4:0e:9c:ee:0b:ca:b6:3f:91:11:
                    c7:9d:b1:7c:ea:db:b1:2b:63:4d:47:2d:19:2a:7a:
                    3a:51:40:29:f3:12:d8:aa:f5:df:8f:32:18:f3:50:
                    a1:46:46:37:92:48:21:a6:19:00:3a:56:8e:6d:d9:
                    62:a2:da:78:ce:a6:c2:07:2e:2f:76:cf:4b:a2:96:
                    fb:59:44:42:2f:9b:79:bb:22:89:f6:2e:e5:b4:48:
                    a9:ec:94:d7:21:b1:00:c9:03:ff:10:e5:a4:8e:f5:
                    69:d3:df:bf:e2:be:1f:f4:3b:cd:52:e4:7a:ef:98:
                    7a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:16:EE:CC:A4:2C:78:2D:86:71:31:C4:CE:C2:D7:39:14:B7:20:6B
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/exbuzKQseC2GcTHEzsLXORS3IGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.33.0/24
                  155.133.60.0/23
                  185.225.100.0/22
                  185.228.108.0/22
                IPv6:
                  2a06:1e00::/29
                  2a0d:a00::/29
                  2a0d:b400::/29
                  2a0e:4d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:ea:af:d1:e0:c9:49:2a:16:fe:11:2c:51:a7:26:1d:9e:14:
         49:d2:e9:60:79:b6:fe:75:3e:2f:98:7b:d9:51:92:53:27:7c:
         b6:26:4e:a7:cd:9a:c9:68:f8:8d:de:6e:6e:db:be:0b:dc:1d:
         8b:fd:1f:8c:5f:92:d4:0e:7f:c1:9e:c7:d3:11:73:30:5f:95:
         db:4a:ca:71:d0:dd:ae:cc:bc:6d:36:52:cf:13:07:06:2d:49:
         68:ed:e0:00:73:98:33:f1:05:fe:35:dc:04:0d:1f:53:19:b6:
         dd:03:21:16:23:ca:a4:a7:7a:4c:e7:5f:bf:3b:60:06:ca:5a:
         f1:eb:8a:8e:1a:8a:69:ac:2b:8e:64:ad:79:32:9e:59:86:ff:
         b4:ce:b0:d9:a3:be:89:bb:96:39:1a:4b:bc:df:b9:d3:b8:f6:
         6c:ea:64:d1:04:98:70:4b:b4:f5:de:dd:d9:2a:fe:3c:92:1a:
         69:2e:be:64:e0:28:6d:e9:1f:1d:10:96:87:76:70:93:b2:31:
         1b:25:38:ff:5d:ad:9e:fd:ab:6c:5c:3e:df:6a:a6:70:9a:d4:
         fc:e4:23:fd:33:44:26:d1:7f:ae:e7:20:7c:ec:2e:e9:47:35:
         d5:61:65:c2:02:b9:d3:c5:5a:71:1b:a2:2f:53:ad:64:5a:31:
         c8:0a:eb:ca
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZX3W+XxDvmAcHzNB4d8dpLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjUwNDAyMTYzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE2ZWVjY2E0MmM3ODJkODY3MTMxYzRjZWMyZDczOTE0YjcyMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruXJh7JR59nASIjBgH2uJWMUBx2B
PuPGrJkxwOUEXNorcHoC99wPtGzU1KdVGKbOsgycyblLrPinnhoo1iluSUtqbfD+
ZnGmvDJjd6pqKprfngNWAW6fFbL5T6Ve/g24qLb4XpH2LzdbYDq/IiKMBKSzGu20
03C16yyF+YVudjNGVaWSamNKcDVqqOQOnO4LyrY/kRHHnbF86tuxK2NNRy0ZKno6
UUAp8xLYqvXfjzIY81ChRkY3kkghphkAOlaObdliotp4zqbCBy4vds9Lopb7WURC
L5t5uyKJ9i7ltEip7JTXIbEAyQP/EOWkjvVp09+/4r4f9DvNUuR675h6cQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFHsW7sykLHgthnExxM7C1zkUtyBrMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvZXhidXpLUXNlQzJHY1RIRXpzTFhPUlMzSUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAeBAIAATAYAwQAm4UhAwQB
m4U8AwQCueFkAwQCueRsMCIEAgACMBwDBQMqBh4AAwUDKg0KAAMFAyoNtAADBQMq
Dk0AMA0GCSqGSIb3DQEBCwUAA4IBAQBw6q/R4MlJKhb+ESxRpyYdnhRJ0ulgebb+
dT4vmHvZUZJTJ3y2Jk6nzZrJaPiN3m5u274L3B2L/R+MX5LUDn/BnsfTEXMwX5Xb
Sspx0N2uzLxtNlLPEwcGLUlo7eAAc5gz8QX+NdwEDR9TGbbdAyEWI8qkp3pM51+/
O2AGylrx64qOGopprCuOZK15Mp5Zhv+0zrDZo76Ju5Y5Gku837nTuPZs6mTRBJhw
S7T13t3ZKv48khppLr5k4Cht6R8dEJaHdnCTsjEbJTj/Xa2e/atsXD7faqZwmtT8
5CP9M0Qm0X+u5yB87C7pRzXVYWXCArnTxVpxG6IvU61kWjHICuvK
-----END CERTIFICATE-----